📄 chntpw.c
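/* NOTE(review): this listing begins inside a routine whose start is not
 * shown. The statements down to the first closing brace at column 0 are
 * the tail of that routine, reproduced unchanged apart from restored
 * line breaks.
 */
        (unsigned char)*(vp+ntpw_offs+i) = despw[i];
        (unsigned char)*(vp+lmpw_offs+i) = newlandes[i];
      }
#if 0
      hexprnt("Pw in buffer: ",(vp+ntpw_offs),16);
      hexprnt("Lm in buffer: ",(vp+lmpw_offs),16);
#endif
      dirty = 1;
      printf("\n");
    } else {
      printf("Nothing changed.\n");
    }
    printf("\n");
    return(username);
}

/* Here we put our knowledge to use, basic routines to
 * decode and display registry contents almost like a filesystem
 */

/* Display (cat) a value.
 *
 * hdesc = hive the value lives in
 * nkofs = offset to 'nk' node, paths relative to this
 * path  = path string to value
 *
 * String types (SZ, EXPAND_SZ, MULTI_SZ) are converted to ASCII and
 * printed; embedded NULs are shown as newlines. DWORD is printed as a
 * 32-bit hex number. BINARY and every unknown type are hexdumped.
 *
 * The length and the data pointer come from the hive file, so they are
 * checked against the local buffer before any copy is made.
 */
void cat_vk(struct hive *hdesc, int nkofs, char *path)
{
  void *data;
  int len,i,type;
  char string[SZ_MAX+1];
  unsigned int dword;

  type = get_val_type(hdesc, nkofs, path);
  if (type == -1) {
    printf("cat_vk: No such value <%s>\n",path);
    return;
  }

  len = get_val_len(hdesc, nkofs, path);
  if (!len) {
    printf("cat_vk: Value <%s> has zero length\n",path);
    return;
  }

  data = (void *)get_val_data(hdesc, nkofs, path, 0);
  if (!data) {
    printf("cat_vk: Value <%s> references NULL-pointer (bad boy!)\n",path);
    abort();
    return;
  }

  /* type is used as an array index, so reject negative values too */
  printf("Value <%s> of type %s, data length %d [0x%x]\n", path,
         (type >= 0 && type < REG_MAX ? val_types[type] : "(unknown)"), len, len);

  switch (type) {
  case REG_SZ:
  case REG_EXPAND_SZ:
  case REG_MULTI_SZ:
    /* cheap_uni2ascii is not shown here; this assumes it writes about
     * len/2 characters plus a terminator into 'string'. A length taken
     * from a damaged or hostile hive must not run past the buffer. */
    if (len < 0 || (len >> 1) + 2 > (int)sizeof(string)) {
      printf("cat_vk: string data does not fit the display buffer\n");
      if (len > 0) hexdump((char *)data, 0, len, 1);
      break;
    }
    cheap_uni2ascii(data,string,len);
    for (i = 0; i < (len>>1)-1; i++) {
      if (string[i] == 0) string[i] = '\n';
      if (type == REG_SZ) break;   /* single string: only the first char is looked at */
    }
    puts(string);
    break;
  case REG_DWORD:
    /* A DWORD is 32 bits wide; reading it through an unsigned short
     * pointer showed only the low half. memcpy also avoids an
     * unaligned access. */
    if (len < (int)sizeof(dword)) {
      hexdump((char *)data, 0, len, 1);
      break;
    }
    memcpy(&dword, data, sizeof(dword));
    printf("0x%08x",dword);
    break;
  default:
    printf("Don't know how to handle type yet!\n");
    /* fallthrough: unknown types are shown as a hexdump */
  case REG_BINARY:
    hexdump((char *)data, 0, len, 1);
  }
  putchar('\n');
}

/* =================================================================== */

/* Registry editor frontend */

/* One entry of the command table: command word and its MCMD_ number */
struct cmds {
  char cmd_str[12];
  int  cmd_num;
};

#define MCMD_CD 1
#define MCMD_LS 2
#define MCMD_QUIT 3
#define MCMD_CAT  4
#define MCMD_STRUCT 5
#define MCMD_DEBUG 6
#define MCMD_HELP 7
#define MCMD_PASSWD 8
#define MCMD_HIVE 9
#define MCMD_EDIT 10

/* Command table for mainloop(); the entry with cmd_num 0 ends the table.
 * Order matters: parsecmd() returns the first entry that matches. */
struct cmds maincmds[] = {
  { "cd" , MCMD_CD },
  { "ls" , MCMD_LS },
  { "dir", MCMD_LS },
  { "q"  , MCMD_QUIT },
  { "cat", MCMD_CAT },
  { "type",MCMD_CAT },
  { "st" , MCMD_STRUCT },
  { "pw" , MCMD_PASSWD },
  { "passwd", MCMD_PASSWD },
  { "debug", MCMD_DEBUG },
  { "hive", MCMD_HIVE },
  { "ed", MCMD_EDIT },
  { "?", MCMD_HELP },
  { "", 0 }
};

/* Append src to dst at *pos without writing at or past dst[cap].
 * dst must be zero-filled up to cap, which supplies the terminator.
 * *pos always advances by strlen(src)+1, also when nothing or only a
 * part could be stored, so the caller's "bytes left" count stays
 * meaningful.
 */
static void edit_val_append(char *dst, int cap, int *pos, const char *src)
{
  int slen = (int)strlen(src);
  int room;

  if (*pos >= 0 && *pos < cap) {
    room = cap - *pos;
    memcpy(dst + *pos, src, (size_t)(slen < room ? slen : room));
  }
  *pos += slen + 1;
}

/* Edit value: Invoke whatever is needed to edit it
 * based on its type
 *
 * h     = hive the value lives in
 * nkofs = offset to 'nk' node, path is relative to this
 * path  = path string to value
 *
 * DWORD is read as a number, string types are edited string by string,
 * everything else goes to the hex editor. The value keeps its data
 * length; new string data that does not fit is cut off.
 *
 * NOTE(review): the prompt offers '--' for an empty string, but no code
 * here treats '--' specially; it is stored as typed.
 */
void edit_val(struct hive *h, int nkofs, char *path)
{
  struct keyval *kv;
  int type,len,half,n,i,in,go,k, d = 0;
  char inbuf[SZ_MAX+4];
  char origstring[SZ_MAX+4];
  char newstring[SZ_MAX+4];
  char *dbuf;

  type = get_val_type(h, nkofs, path);
  if (type == -1) {
    printf("Value <%s> not found!\n",path);
    return;
  }

  kv = get_val2buf(h, NULL, nkofs, path, type);
  if (!kv) {
    printf("Unable to get data of value <%s>\n",path);
    return;
  }
  len = kv->len;

  /* type is used as an array index, so reject negative values too */
  printf("EDIT: <%s> of type %s with length %d [0x%x]\n", path,
         (type >= 0 && type < REG_MAX ? val_types[type] : "(unknown)"), len, len);

  switch(type) {
  case REG_DWORD:
    printf("DWORD: Old value %d [0x%x], ", kv->data, kv->data);
    fmyinput("enter new value (prepend 0x if hex, empty to keep old value)\n-> ", inbuf, 12);
    if (*inbuf) {
      /* only write the value back when the input really was a number */
      if (sscanf(inbuf,"%i",&kv->data) == 1) d = 1;
      else printf("Could not parse <%s> as a number, keeping old value\n", inbuf);
    }
    printf("DWORD: New value %d [0x%x], ", kv->data, kv->data);
    break;
  case REG_SZ:
  case REG_EXPAND_SZ:
  case REG_MULTI_SZ:
    half = len >> 1;
    /* len comes from the hive. cheap_uni2ascii is not shown here; this
     * assumes it writes about len/2 characters plus a terminator. The
     * stack buffers are a fixed size, so oversized data is refused. */
    if (len < 0 || half + 2 > (int)sizeof(origstring)) {
      printf("String data of %d bytes does not fit the edit buffers, value left unchanged\n", len);
      break;
    }
    dbuf = (char *)&kv->data;
    cheap_uni2ascii(dbuf,origstring,len);
    n = 0; i = 0;
    while (i < half-1) {
      printf("[%2d]: %s\n",n,origstring+i);
      i += strlen(origstring+i) + 1;
      n++;
    }

    printf("\nNow enter new strings, one by one.\n");
    printf("Enter nothing to keep old,\n");
    if (type == REG_MULTI_SZ) {
      printf("'--n' to quit (filling rest of value with NULLs)\n");
      printf("'--q' to quit (leaving remaining strings as is)\n");
      printf("'--' for empty string in this position\n");
    }

    n = 0; i = 0; in = 0; go = 0;
    memset(newstring, 0, half);
    while (i < half-1) {
      printf("%d bytes left\n",len - (in<<1));
      printf("[%2d]: %s\n",n,origstring+i);
      /* presumably inbuf (SZ_MAX+4 bytes) is larger than 500 - verify SZ_MAX */
      if (!go) fmyinput("-> ",inbuf, 500);
      else *inbuf = 0;
      if (*inbuf && strcmp("--q", inbuf)) {
        if (!strcmp("--n", inbuf)) {
          /* rest of newstring is already zero; leave before
           * origstring is indexed past its end */
          in = half + 1;
          break;
        }
        /* every write into newstring is bounded by the value size:
         * many short old strings replaced by long new ones could
         * otherwise run far past the stack buffer */
        edit_val_append(newstring, half, &in, inbuf);
      } else {
        edit_val_append(newstring, half, &in, origstring+i);
        if (!strcmp("--q", inbuf)) go = 1;
      }
      i += strlen(origstring+i) + 1;
      n++;
      if (type != REG_MULTI_SZ) i = (len<<1);   /* single string: one pass only */
    }
    cheap_ascii2uni(newstring, dbuf, half);
    /* Force NULL termination, without writing before dbuf on tiny values */
    for (k = 1; k <= 3 && k <= len; k++) {
      *(dbuf+len-k) = 0;
    }
    d = 1;
    break;
    /*    debugit(newstring, len>>1); */
  default:
    printf("Type not handeled (yet), invoking hex editor on data!\n");
    /* fallthrough: unknown types are edited as raw bytes */
  case REG_BINARY:
    d = debugit((char *)&kv->data, kv->len);
    break;
  }

  if (d) {
    if (!(put_buf2val(h, kv, nkofs, path, type))) {
      printf("Failed to set value!?\n");
    }
  }
  FREE(kv);
}

/* look up command in array
 *
 * *s  = input line, positioned at the command word
 * cmd = command table, ended by an entry with cmd_num 0
 *
 * The word runs to the first space or the end of the string. Only as
 * many characters as were typed are compared, so an abbreviation
 * selects the first table entry that starts with it.
 * On a match *s is moved past the word and the command number is
 * returned. Returns 0 if nothing matches or the word is empty.
 */
int parsecmd(char **s, struct cmds *cmd)
{
  int l = 0;

  while ((*s)[l] && ((*s)[l] != ' ')) {
    l++;
  }
  /* a zero-length compare would match every entry */
  if (l == 0) return(0);

  while (cmd->cmd_num) {
    if (!strncmp(*s, cmd->cmd_str, l)) {
      *s += l;
      return(cmd->cmd_num);
    }
    cmd++;
  }
  return(0);
}

/* Simple interactive command-parser
 * Main loop for manually looking through the registry
 *
 * Reads a line, looks the first word up in maincmds and runs the
 * command on the current hive and key. Returns on the quit command.
 */
void mainloop(void)
{
  struct hive *hdesc;
  int cdofs, newofs;
  char inbuf[100],*bp;
  char path[1000];
  int l, vkofs, nh;
  int usehive = 0;

  hdesc = hive[usehive];
  cdofs = hdesc->rootofs;

  printf("Simple registry editor. ? for help.\n");

  while (1) {
    *path = 0;
    get_abs_path(hdesc,cdofs+4, path, 50);

    printf("\n[%0x] %s> ",cdofs,path);
    l = fmyinput("",inbuf,90);
    bp = inbuf;
    skipspace(&bp);

    if (l > 0 && *bp) {
      /* After parsecmd() bp sits on the separator, or on the terminator
       * when the command has no argument. It is only advanced in the
       * first case, so a bare command never reads what lies behind the
       * end of the input string. */
      switch(parsecmd(&bp,maincmds)) {
      case MCMD_HELP:
        printf("Simple registry editor:\n");
        printf("hive [<n>]                     - list loaded hives or switch to hive numer n'\n");
        printf("cd <key>                       - change key\nls | dir [<key>]               - show subkeys & values,\n");
        printf("cat | type <value>             - show key value\nst [<hexaddr>]                 - show struct info\n");
        /* printf("pw | passwd [<hexaddr>] - try the password routine on struct at <hexaddr>\n"); */
        printf("ed <value>                     - edit existing value (only same datalength allowed for now)\n");
        printf("debug                          - enter buffer hexeditor\nq                              - quit\n");
        break;

      case MCMD_LS :
        if (*bp) bp++;
        skipspace(&bp);
        nk_ls(hdesc, bp, cdofs+4, 0);
        break;

      case MCMD_EDIT :
        if (*bp) bp++;
        skipspace(&bp);
        edit_val(hdesc, cdofs+4, bp);
        break;

      case MCMD_HIVE :
        if (*bp) bp++;
        skipspace(&bp);
        if (*bp) {
          nh = gethex(&bp);
          if (nh >= 0 && nh < no_hives) {
            usehive = nh;
            printf("Switching to hive #%d, named <%s>, size %d [0x%x]\n",
                   usehive, hive[usehive]->filename,
                   hive[usehive]->size,
                   hive[usehive]->size);
            hdesc = hive[usehive];
            cdofs = hdesc->rootofs;
          }
        } else {
          for (nh = 0; nh < no_hives; nh++) {
            printf("%c %c %2d %9d 0x%08x <%s>\n", (nh == usehive) ? '*' : ' ',
                   (hive[nh]->state & HMODE_DIRTY) ? 'D' : ' ',
                   nh,
                   hive[nh]->size,
                   hive[nh]->size, hive[nh]->filename);
          }
        }
        break;

      case MCMD_CD :
        if (*bp) bp++;
        skipspace(&bp);
        newofs = trav_path(hdesc, cdofs+4,bp,0);
        if (newofs) cdofs = newofs;
        else printf("Key %s not found!\n",bp);
        break;

      case MCMD_CAT:
        if (*bp) bp++;
        skipspace(&bp);
        cat_vk(hdesc,cdofs+4,bp);
        break;

      case MCMD_STRUCT:
        if (*bp) bp++;
        skipspace(&bp);
        vkofs = cdofs;
        if (*bp) {
          vkofs = gethex(&bp);
        }
        /* a typed offset is used to index the hive buffer; keep it inside.
         * parse_block is not shown here and may or may not check this itself. */
        if (vkofs < 0 || vkofs >= hdesc->size) {
          printf("Offset 0x%x is outside the hive buffer\n",vkofs);
          break;
        }
        parse_block(hdesc,vkofs,1);
        break;

#if 0
      case MCMD_PASSWD:
        bp++;
        skipspace(&bp);
        vkofs = cdofs;
        if (*bp) {
          vkofs = gethex(&bp);
        }
        seek_n_destroy(vkofs,0,-get_int(buf+vkofs)+4,0);
        break;
#endif

      case MCMD_DEBUG:
        if (debugit(hdesc->buffer,hdesc->size)) hdesc->state |= HMODE_DIRTY;
        break;

      case MCMD_QUIT:
        return;
        break;

      default:
        printf("Unknown command: %s\n",bp);
        break;
      }
    }
  }
}

/* List users in SAM file
 * pageit - hmm.. forgot this one for this release..
 */
/* NOTE(review): the listing is cut off inside this function; only its
 * first lines are shown. */
int list_users(int pageit)
{
  char s[200];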